Posted by timothy on Tuesday March 10, 2015 @12:10PM from the hey-fellas-we-were-expecting-you dept.

According to a story at The Guardian passed on by an anonymous reader, "The CIA led sophisticated intelligence agency efforts to undermine the encryption used in Apple phones, as well as insert secret surveillance back doors into apps, top-secret documents published by the Intercept online news site have revealed. The newly disclosed documents from the National Security Agency's internal systems show surveillance methods were presented at its secret annual conference, known as the 'jamboree.'"

They probably also write some of the more popular free games/apps out there as well. Not a great way of bugging a phone but still a way of getting their malware out there. Or at least it wouldn't hurt...

Re: "They probably also write some of the more popular free games/apps out there as well. Not a great way of bugging a phone but still a way of getting their malware out there. Or at least it wouldn't hurt..."
The telco network tracks a person, the soft glowing power down and sealed battery design ensure a device is always network ready, the hardware is mic, text, gps gov wiretap friendly as designed. Games help keep a person wanting to ensure the device is powered and in use during the day and into the n

And neither can the NSA. Technically. Unlike the CIA, the NSA is a signals intelligence organization with no enforcement power and no operational branch to speak of. Its threat is simply that it can provide information very efficiently.

In reality, any government organization has the capability to get you arrested, even the fire department, based on either an interesting interpretation of their powers, or their ability to turn over information to someone who can arrest or otherwise harm you.

I'd also point out that in a certain book, the "firemen" were those who entered areas to burn that which threatened the existing order. The parallel is intentional. The government is what its powers are and how they use them. Labeling something as "fire department" or "police" or "signals intelligence" or "health care" is only valid in the sense that the government maintains that separation or can somehow be forced to do so.

The problem with the NSA is *not* that they collect intelligence on US citizens. Your internet provider accidentally does that every day for troubleshooting purposes. It is that we fear that the NSA can turn into an organization bereft of limitations on what they can *use* the information for and who they can share that information with. The ability to get away with that can affect any agency of the Federal government, from DHS to HHS.

For the most part, the fire department doesn't drive around stripping off insulation from electrical wires or drilling little holes in gas pipes under your house. Sure they _theoretically_ could, but the CIA is actually at this very moment doing this exact thing.

The biggest part of this story is a poisoned Xcode, and it's not even mentioned in TFS. WTF?

The security researchers also claimed they had created a modified version of Apple's proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool....

The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could "force all iOS applications to send embedded data to a listening post." It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.

For the most part, the fire department doesn't drive around stripping off insulation from electrical wires or drilling little holes in gas pipes under your house. Sure they _theoretically_ could, but the CIA is actually at this very moment doing this exact thing.

I think that the firemen had their chance at such a career when they were called out to use their water hoses on protestors during the civil rights movement, which they did a couple of times. Then, there were arsons set which turned out to be sniper attempts to shoot firemen that came to fight the fire. After that, firemen typically will loan their equipment out to police for such things, but refuse to get involved themselves. As pretty much the only uniformed service that people actually like rather than f

I will correct you on one thing. We don't fear the NSA will turn into something evil, we know it will. Power leads to corruption and abuse of authority. 70,000 incidents of NSA operatives spying on their significant others in contravention of the law with NO repercussions to those individuals is proof enough that the NSA will eventually abuse its authority in a significant and likely very bad way to our democracy.

Although I am not as certain as you are, I agree that the NSA could use that power nefariously. I just think the outrage is missing the point. We're piling our dislike on one agency, while calmly ignoring the threat of the whole.

I'm not defending the NSA. Far from it. I just want to clarify that I feel that the NSA is merely on the bleeding edge of that sort of abuse. We could throw every NSA staffer in jail and shut down all its functions, and all we've done is put a finger in an increasingly unstable dyke because we're not addressing the actual problem, just the symptom.

The problem is simply that all of that information is there, whether it is the NSA or the FSB or Google that has it. The NSA isn't some shadowy organization using alien technology hundreds of years ahead of us, it's just slightly ahead of the curve. Until you address that, you're just going to play whack-a-mole with whatever agency decides to overstep its bounds next Tuesday.

Actually, no. With Google, I can still opt in or out. With gov backed NSA back-dooring every ISP effectively in the world.... I can't opt out without cutting all internet connectivity. See the admittedly minor difference? </sarcasm>

Yeah, except you're not going to opt out. Not really. Oh sure, you might opt out of Google or some specific company for some specific purpose, but you're still going to opt-in everywhere else and they're all collecting your data.

You're more likely to be hit with annoyances like targeted sales calls or social engineering from random non-governmental actors than you ever will be by something like the NSA. The NSA doesn't care about you, it doesn't care about me. Not unless you fit a profile, and that prof

But you might fit the profile that comes into vogue next week, or next month, or next year. That's the problem with this type of data. Or, worse, you might be associated with someone that fits the profile, and that will be that.

The very act of having a nationalized health care system would put as much personal information in the hands of the US Government as any random NSA snoop of Wikipedia or break in on someone's mobile would.

What utter fucking bullshit.

Can my health records determine who I am friends with? Where I go? Where I browse online? Who I communicate with? What investments I have? And 100 other things the gov't could (and have) use as leverage to get information out of me if they wanted.

I disagree with your assessment of the comparative threat. All of those things are interesting, to be sure, but were never actually *private*, as in privileged or personal. There was just never a particularly easy way to put that information together, but for the most part, none of that is actually personal.

Health care information is actually personal, and includes a lot of details, including payment details, specific and possibly embarrassing health conditions, and a lot of other things you'd have no other wa

Do you think that the US would exist separate from England if the king was able to determine where everyone went and who they communicated with? No, instead the founding fathers would have all been executed and the subjugation of the American people by a tyrannical dictator would have continued. If there is no threat from the people, what will stop the US government from becoming tyrannical?

Can my health records determine who I am friends with? Where I go? Where I browse online? Who I communicate with? What investments I have? And 100 other things the gov't could (and have) use as leverage to get information out of me if they wanted.

May not. But what if they wanted you out of the picture by inserting a history of mental illness or paranoid schizophrenia into your medical health records. That could be an excuse to confiscate your guns or have you institutionalized. And these are the things off the top of my head, I'm sure the govt. could come up with even more sinister/evil things to do to one's records.

One can switch insurance companies, companies who compete for business. Governments don't compete for customers. Big difference.
I never voted for a single bureaucrat at the HHS, and neither did you. Our congresscritters never read the bill before voting on it. We truly live in a post-constitutional era.

Sorry, no. As despised as the IRS is, it performs according to its charter and the constitution (for the most part).

The NSA is an actual domestic enemy of the people. Its activities are illegal and it is actively damaging everyone's rights and security.

Nationalized health care would NOT give any government agent the ability to know exactly where I am most all of the time like the NSA illegally hacking my phone would. It would not let anyone know who I talk to, when that happens, or what was said like the

A charter is a piece of paper to those who have power and know how to get around it.

We're effectively assuming that we can trust some government bureaucrats in a government but not others. What makes the IRS more trustworthy? We have some evidence that at least some of them are not. Do we wait until they've more fully broken our trust before we question their desire to accumulate more and more information?

Candidly, I am not entirely sure I see the difference between what the NSA is collecting, and what w

I won't claim the IRS is angelic. In fact, I think we need to review what information they collect to be on the safe side.

But the NSA has clearly stepped over the line. It is no longer a possibility to worry about, it is a fact. They aren't just a potential enemy to be watched, they are an actual current enemy to be eliminated.

I can understand the fifth amendment, but self incrimination is not the same thing as looking at your paper trail, and the fourth amendment concerns I see are just the same old standard fourth amendment issues we tech people have with all government agencies.

The big news is that Snowden's 15 minutes of fame are over. These "revelations" are being met with a big yawn.

Which is a development that is meeting with much approval in the headquarters of the CIS, NSA, FBI, MI5, MI6, BND, MAD, DGSE, DGSI, BRGE,.... and anywhere else where revelations about the government monitoring every move of the voting public are potentially damaging to the funding of the aforementioned organizations.

Where, a few years ago, they would have been met with accusations of being a conspiracy theorist. Having documentation can make a big difference in how we handle things. At this point, I think the answer is quite clear regarding the alphabet soup spies: Nuke them from orbit. It's the only way to be sure.

You're misunderstanding. If you create a form of encryption to which you do not hold the keys, all of the compelling in the world isn't going to do anything. Which is what most modern OSes including iOS do.

The sad part is that you can take whatever atrocity you would have attributed to the Commies in the 1980s and transplant it to today's "world of the free" without losing any credibility. Take whatever story from back then, replace "Russia" with "USA" and "KGB" with "NSA" and you're good for another headline.

Ok, you could have done that any time. But now it doesn't take a conspiracy nut to consider it credible.

Sending political prisoners to asylums on a regular basis? Shooting people who try and leave your country? Covering up gigantic nuclear power plant meltdowns until there's so much radiation that denying it ceases to have a point?

So here's me saying that I don't really agree with you on your assertion.

We still have the Guantanamo Bay prison open. Not really political prisoners, but a number are innocent yet still stuck there. The government does go after people who try to act politically. They just don't send them to asylums (usually). But they do try to intimidate them, interfere with their plans and try to discredit them publicly.

Shooting people who try and leave your country?

Yeah, we don't do that, thankfully.

Covering up gigantic nuclear power plant meltdowns until there's so much radiation that denying it ceases to have a point?

Remember when the EPA said it was safe for people to return to lower Manhattan after 9/11/01? It wasn't, and they knew it.

So here's me saying that I don't really agree with you on your assertion.

Only the unpleasant ones. For which the US has a much more sensible system than the USSR had. The US learned that you don't have to silence everyone who speaks out. Only those that could have an impact and develop followers. That's also the reason for free speech, or what's left thereof. As long as you don't get too many listeners, you can say whatever you want, it doesn't matter anyway.

Shooting people who try and leave your country?

Only 'cause it ain't necessary. Where do you want to go? There is no "West" you could flee to. The whole world works to th

wait for it. it may come to that. it's a logical extension of current trends. when those with money and skills exit faster than the flood of unskilled government benefit seekers. we can't very well have all the greedy producers abandon all the needy voters.

How old are you? If you seriously think that the state of the USA now and the state of the USSR then are in any way analogous makes me think you can't be very old. And, the fact that you called it Russia and not the USSR makes me doubly think you are a young one. Were you even born when the Berlin Wall came down?

I was aiding GDR refugees fleeing from Hungary to Austria. It's been quite a moving time for a young person.

Granted, that was during the quite interesting months just prior to the Berlin Wall coming down, but that's not the point. And I call it Russia because that's the name it has today. Plus, it's shorter than Soviet Union and I'm kinda lazy.

We're not quite there yet, granted. And we sure are far away from what the SU was during the Stalinist era. But so was the Soviet Union, even there things were not as

I was thinking about whether they planted a self propagating back-door into LLVM/CLANG, but that seems fragile as both CLANG and LLVM can be compiled with other compilers (recent versions of MSVC and GCC for example) -- that would likely clear out a hidden back door unless they have compromised *all* the compilers. (And I certainly wouldn't put that past them.)

How many methods can ensure every product ships with a tame always ready trap door and back door for the US gov?
The US gov has a few options as the public history of the NSA and GCHQ shows.
Ensure the product design is set to a standard that's open to the security services.
Generations of brand staff help the security services with every product and network as developed.
The security services set up their own front company and sell to the world over decades setting tame junk standards.
Any other method will

you know that DRAM hack-attack that was just made public? how much you wanna bet the US gov had a hand in making that possible?

I doubt that. My guess is it's just a prime example of cutting costs. It's cheaper to run non-ecc ram, and it's cheaper to implement software based ECC, than it is for hardware ECC.

Corporations want to make as much profit as possible, and the best way is to use cheaper components when making stuff.

Unless you mean the actual software to exploit it? This issue isn't new, just no one has actually made a proof of concept and shared it with the public. Guess it is quite possible that other people (NSA, Ha

you know that DRAM hack-attack that was just made public? how much you wanna bet the US gov had a hand in making that possible?

TFA mentions several things. First, they tried to write their own version of Xcode and tools to be able to substitute it on a victim's machine, they also tried to crack Apple's keys (which TFA claims they didn't manage to do) - it's unclear if it's Apple's signing keys, the per-device iOS keys, or what - etc.

I think the CIA would've had an easier time if they just jailbroke the devic

I really hope no one believes what the article says.
The government wants all of us to believe that we're safe and secured by the overreaching NSA.
All the USA government needs is to ask Apple (or any companies) to disclose their encryption scheme. It is far cheaper and more effective than trying to hack or crack anything, don't you think?

I think it is most effective when the company selling the product does not have a clue that it exists. Government agents could easily pose as programmers and work into sensitive positions within companies. A company could spot most alterations of a product already issued if the number of bits of code increased in any portion of the program.

I don't think this is a "tried to" at all, just look at the permissions a lot of stuff asks for.

Facebook, a bunch of EA games, Angry Birds, etc all ask for insane permissions ranging from your full contact list, to seeing who you are on a call with to accessing the microphone. It's a spook's wet-dream.

Would anyone place bets that some operating systems also have government spyware built in? Open source makes it less likely but sealed code such as in Windows products very likely does have built in spyware. And I would bet that some encryption and compression programs are fishy as well.

The big news is not that the CIA was trying to break in. Hearing that they were trying means they still needed to get in.

It's when you STOP hearing they are trying. Because the only time they STOP trying is when they have in fact achieved their goal. These are not people who give up when it's too hard. They never quit. Unless they've won.